Tuesday, January 27, 2009

Web Vulnerability Scanners Comparison

In the past weeks, I've performed an evaluation/comparison of three popular web vulnerability scanners. This evaluation was ordered by a penetration testing company that will remain anonymous. The vendors were not contacted during or after the evaluation.

I've included enough information in this report (the JavaScript files used for testing, exact version and URL for all the tested applications) so anybody with enough patience can verify and reproduce the results presented here.

Therefore, I will not respond to emails for vendors. You have the information, fix your scanners!

Not sure if anyone saw this, but Acunetix (who won) must be listening, because they claim they now catch everything in this test suite... http://www.acunetix.com/blog/productnews/updated-acunetix-wvs-addresses-anantas-comparison-report-issues/